Facebook Goof Allowed Users to Access Without Passwords

I'm sure you realize that nothing you post on Facebook is private or secure. If you think it is secure, think again. It has recently been discovered that with the help of a simple program called "Burp Suite", a brute-force attack could be performed - without a password - and full access granted to your account. the attacker could them change the password and voila - your entire life is ruined. This vulnerability has been fixed, but who knows how long it was in the wild. Way to go.

This system allowed Prakash to log-in to Facebook profiles, access all manner of information, and post status updates on behalf of the page owner. He was even able to access credit card information, meaning that players of Farmville and Candy Crush are particularly vulnerable.

Source: TheInquirer